From: kfraser@dhcp93.uk.xensource.com Date: Tue, 20 Jun 2006 11:01:09 +0000 (+0100) Subject: Export machine_to_phys start and end addresses to guests. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~15921^2~18^2 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=5363eb610a73f32ee2f877c5f48e1c0fc56d34f2;p=xen.git Export machine_to_phys start and end addresses to guests. Use this info in Linux to bounds-check accesses to the m2p table. Signed-off-by: Keir Fraser --- diff --git a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/page.h b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/page.h index 60f1742118..0c441209a5 100644 --- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/page.h +++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/page.h @@ -89,19 +89,23 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn) if (xen_feature(XENFEAT_auto_translated_physmap)) return mfn; - /* - * The array access can fail (e.g., device space beyond end of RAM). - * In such cases it doesn't matter what we return (we return garbage), - * but we must handle the fault without crashing! - */ + if (mfn >= MACH2PHYS_NR_ENTRIES) + return max_mapnr; + + /* The array access can fail (e.g., device space beyond end of RAM). */ asm ( "1: movl %1,%0\n" "2:\n" + ".section .fixup,\"ax\"\n" + "3: movl %2,%0\n" + " jmp 2b\n" + ".previous\n" ".section __ex_table,\"a\"\n" " .align 4\n" - " .long 1b,2b\n" + " .long 1b,3b\n" ".previous" - : "=r" (pfn) : "m" (machine_to_phys_mapping[mfn]) ); + : "=r" (pfn) + : "m" (machine_to_phys_mapping[mfn]), "i" (max_mapnr) ); return pfn; } diff --git a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/page.h b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/page.h index 3144836406..92fdee2fab 100644 --- a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/page.h +++ b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/page.h @@ -107,19 +107,23 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn) if (xen_feature(XENFEAT_auto_translated_physmap)) return mfn; - /* - * The array access can fail (e.g., device space beyond end of RAM). - * In such cases it doesn't matter what we return (we return garbage), - * but we must handle the fault without crashing! - */ + if (mfn >= MACH2PHYS_NR_ENTRIES) + return end_pfn; + + /* The array access can fail (e.g., device space beyond end of RAM). */ asm ( "1: movq %1,%0\n" "2:\n" + ".section .fixup,\"ax\"\n" + "3: movq %2,%0\n" + " jmp 2b\n" + ".previous\n" ".section __ex_table,\"a\"\n" " .align 8\n" - " .quad 1b,2b\n" + " .quad 1b,3b\n" ".previous" - : "=r" (pfn) : "m" (machine_to_phys_mapping[mfn]) ); + : "=r" (pfn) + : "m" (machine_to_phys_mapping[mfn]), "ir" (end_pfn) ); return pfn; } diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 7c0ff9890d..01a6ab8722 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -396,11 +396,13 @@ void __init __start_xen(multiboot_info_t *mbi) BUILD_BUG_ON(sizeof(shared_info_t) > PAGE_SIZE); BUILD_BUG_ON(sizeof(vcpu_info_t) != 64); - /* __foo are defined in public headers. Check they match internal defs. */ + /* Check definitions in public headers match internal defs. */ BUILD_BUG_ON(__HYPERVISOR_VIRT_START != HYPERVISOR_VIRT_START); #ifdef HYPERVISOR_VIRT_END BUILD_BUG_ON(__HYPERVISOR_VIRT_END != HYPERVISOR_VIRT_END); #endif + BUILD_BUG_ON(MACH2PHYS_VIRT_START != RO_MPT_VIRT_START); + BUILD_BUG_ON(MACH2PHYS_VIRT_END != RO_MPT_VIRT_END); init_frametable(); diff --git a/xen/include/public/arch-x86_32.h b/xen/include/public/arch-x86_32.h index bbfccec68b..adde3ce1e8 100644 --- a/xen/include/public/arch-x86_32.h +++ b/xen/include/public/arch-x86_32.h @@ -74,16 +74,23 @@ DEFINE_XEN_GUEST_HANDLE(xen_pfn_t); */ #ifdef CONFIG_X86_PAE #define __HYPERVISOR_VIRT_START 0xF5800000 +#define __MACH2PHYS_VIRT_START 0xF5800000 +#define __MACH2PHYS_VIRT_END 0xF6800000 #else #define __HYPERVISOR_VIRT_START 0xFC000000 +#define __MACH2PHYS_VIRT_START 0xFC000000 +#define __MACH2PHYS_VIRT_END 0xFC400000 #endif #ifndef HYPERVISOR_VIRT_START #define HYPERVISOR_VIRT_START mk_unsigned_long(__HYPERVISOR_VIRT_START) #endif +#define MACH2PHYS_VIRT_START mk_unsigned_long(__MACH2PHYS_VIRT_START) +#define MACH2PHYS_VIRT_END mk_unsigned_long(__MACH2PHYS_VIRT_END) +#define MACH2PHYS_NR_ENTRIES ((MACH2PHYS_VIRT_END-MACH2PHYS_VIRT_START)>>2) #ifndef machine_to_phys_mapping -#define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START) +#define machine_to_phys_mapping ((unsigned long *)MACH2PHYS_VIRT_START) #endif /* Maximum number of virtual CPUs in multi-processor guests. */ diff --git a/xen/include/public/arch-x86_64.h b/xen/include/public/arch-x86_64.h index b267cda83d..4f74bb523e 100644 --- a/xen/include/public/arch-x86_64.h +++ b/xen/include/public/arch-x86_64.h @@ -85,22 +85,26 @@ DEFINE_XEN_GUEST_HANDLE(xen_pfn_t); #define __HYPERVISOR_VIRT_START 0xFFFF800000000000 #define __HYPERVISOR_VIRT_END 0xFFFF880000000000 +#define __MACH2PHYS_VIRT_START 0xFFFF800000000000 +#define __MACH2PHYS_VIRT_END 0xFFFF804000000000 #ifndef HYPERVISOR_VIRT_START #define HYPERVISOR_VIRT_START mk_unsigned_long(__HYPERVISOR_VIRT_START) #define HYPERVISOR_VIRT_END mk_unsigned_long(__HYPERVISOR_VIRT_END) #endif +#define MACH2PHYS_VIRT_START mk_unsigned_long(__MACH2PHYS_VIRT_START) +#define MACH2PHYS_VIRT_END mk_unsigned_long(__MACH2PHYS_VIRT_END) +#define MACH2PHYS_NR_ENTRIES ((MACH2PHYS_VIRT_END-MACH2PHYS_VIRT_START)>>3) +#ifndef machine_to_phys_mapping +#define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START) +#endif + /* Maximum number of virtual CPUs in multi-processor guests. */ #define MAX_VIRT_CPUS 32 #ifndef __ASSEMBLY__ -/* The machine->physical mapping table starts at this address, read-only. */ -#ifndef machine_to_phys_mapping -#define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START) -#endif - /* * int HYPERVISOR_set_segment_base(unsigned int which, unsigned long base) * @which == SEGBASE_* ; @base == 64-bit base address